30+ New Azure Sentinel Data Connectors

Published Mar 02 2021 05:56 AM 11.8K Views
Microsoft

Today, we are announcing over 30 new out-of-the-box data connectors for Azure Sentinel to enable data collection for leading security products and other clouds. With these new connectors, we are continuing the momentum to enable customers to easily bring data from different products into Azure Sentinel and analyze data at cloud scale.

 

These data connectors include a parser that transforms the ingested data into Azure Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Azure Sentinel. New workbooks and analytic rule templates, leveraging these parsers, are also available to help you monitor these new data sources and detect threats immediately. Refer to the documentation for a complete list of data connectors that you can leverage in Azure Sentinel.

 

Cisco

Four new data connectors for Cisco enable you to ingest Cisco Umbrella, Cisco Meraki, Cisco Firepower and Cisco UCS logs respectively. Use the new workbooks for these data sources to monitor your DNS, IP, Proxy, and Cloud Firewall logs from these products, as illustrated below. You can directly ingest Cisco Umbrella logs from AWS S3 buckets using the new Cisco Umbrella data connector. Both Cisco Umbrella and Cisco Meraki, now in Public Preview, have been among the top requested data connectors in the Azure Sentinel User Voice forum. Please continue to voice your feedback!

Cisco Umbrella workbookCisco Umbrella workbook

 

NXLog

NXLog brings Azure Sentinel support for both the NXLog Linux Audit System and Windows Event Tracing modules with two new data connectors that deliver Linux audit and Windows DNS Server events, respectively.   These connectors enable the delivery of audit and analytical DNS server events Linux security events to Azure Sentinel in real-time.

 

Salesforce Cloud

The Salesforce Cloud data connector enables operational events to be ingested in Azure Sentinel. These events are from 38 logs that includes audit, files, search, and more. This data connector has a parser that enables you to correlate Salesforce logs with other logs easily in Azure Sentinel to build integrated experiences.

 

Akamai

The Akamai data connector provides the capability to ingest security events generated by Akamai platform into Azure Sentinel. Use the parser for Akamai to build and correlate Akamai logs with other logs to enable rich alerting and investigation experiences.

 

Trend Micro

Two new data connectors for Trend Micro enable you to ingest Trend Micro TippingPoint SMS IPS events and Trend Micro XDR workbench alerts, respectively. The XDR connector comes with a workbook to help with insights into alert trends and impacted hosts. The XDR connector also includes two analytic rule templates to create incidents for XDR alerts depending on severity.

Trend Micro workbookTrend Micro workbook

 

Proofpoint POD

Proofpoint On Demand (POD) data connector provides the capability to get Proofpoint On Demand email protection data. This data enables you to check message traceability, monitor email activity, threats, and data exfiltration by attackers and malicious insiders. Both mail and message logs are ingested by this data connector. Furthermore, the parser enables you to easily correlate email logs with other security logs for enhanced incident tracking and automated response scenarios.

 

Google Workspace / G-Suite

The Google Workspace data connector enables ingestion of Google Workspace Activity events into Azure Sentinel. This includes logs for admin activity, Google drive usage, login, mobile, authorization tokens, user workspace accounts and calendar usage reports. Use the parser to correlate this data with other logs to examine potential security risks, diagnose configuration problems, track who signs in and when, analyze administrator activity, understand how users create and share content, and more.

 

Sophos Cloud Optix

The Sophos Cloud Optix data connector allows you to easily connect Sophos Cloud Optix logs of your choice with Azure Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's cloud security and compliance posture and improves your cloud security operation capabilities.

 

VMWare ESXi

The VMWare ESXi data connector enables you to ingest VMWare vSphere system logs in Azure Sentinel. This gives you more insight into your organization's ESXi servers and improves your security operation capabilities. Use the parser to correlate ESXi data with other data in Azure Sentinel.

 

Juniper SRX

Juniper SRX data connector enables ingestion of network traffic logs in Azure Sentinel. Use the parser to build rich monitoring workbooks and alerting in Azure Sentinel.  

 

SonicWall

The SonicWall data connector enables you to ingest SonicWall Firewall logs from your virtual or on-prem firewalls. This data connector captures log activity and includes every connection source and destination name and/or IP address, IP service, and number of bytes transferred. This connector comes with some sample queries to help you navigate through your data and inform creation of further Azure Sentinel analytics, workbooks and workflows.

 

ESET

The ESET data connector ingests ESET Inspector detections in Azure Sentinel. This includes aggregated detections for suspicious activities, which can enrich your Azure Sentinel incident management and investigation outcomes.

 

Imperva WAF Gateway

The Imperva WAF Gateway data connector enables you to ingest Imperva WAF Gateway security alerts with a high degree of log customization. This provides you additional insight into your organization's WAF traffic and improves your security operation capabilities. This connector comes with some sample queries to help you navigate through your data and inform creation of further Azure Sentinel analytics, workbooks and workflows.

 

Broadcom Symantec

Broadcom Symantec DLP data connector enables ingestion of Data Loss Prevention (DLP) logs in Azure Sentinel to provide insight into your organization’s information. Use the parser to correlate with other data in Azure Sentinel for improved security operations.  

 

WireX Systems

WireX Systems brings WireX Network Forensics Platform data events to Azure Sentinel via a new data connector enabling correlation of contextual content offered by WireX with other Azure Sentinel resident data from other sources.  Delivered events include DNS, HTTP(s) and WireX Threat Detection System.   

 

Aruba ClearPass

The Aruba ClearPass data connector helps with ingestion of network security logs that includes audit, session, system and insight logs into Azure Sentinel. The parser for this data connector can enable you to correlate Aruba data with other data sources in Azure Sentinel.  

 

Onapsis

The Onapsis data connector allows you to export alarms triggered in the Onapsis Platform into Azure Sentinel in real-time. This gives you the ability to monitor activity on your SAP systems, identify incidents, and respond to them quickly. Use the new workbook for the Onapsis data connector to visualize important information about your Onapsis alarms and view your incidents report.

 

Netskope

The Netskope data connector helps ingest Netskope Cloud security events and logs into Azure Sentinel. Use the parser to seamlessly work with other logs in Azure Sentinel for improved monitoring and investigation capabilities.

 

Squid Proxy

The Squid Proxy data connector enables getting logs from Squid Proxy server into Azure Sentinel. This is using the Azure Log Analytics agent to configure the custom directory from which logs need to be collected from on the device. This data connector also has a parser to enable better correlation across other logs in Azure Sentinel.

 

Blackberry CylancePROTECT

The Blackberry CylancePROTECT data connector enables ingestion of CylancePROTECT logs into Azure Sentinel. This includes audit logs, threats, application control logs, device logs, memory protection logs and threat classification logs. This data connector has a parser for correlating these logs with other data in Azure Sentinel for enriched hunting, incident management and investigation experience.

 

Apache HTTP Server

The Apache data connector enables you to ingest Apache HTTP Server access logs in Azure Sentinel. This is using the Azure Log Analytics agent to configure the custom directory from which logs need to be collected from on the device. This data connector also has a parser to enable better correlation of the server events across other logs in Azure Sentinel.

 

Alsid

The new Alsid for Active Directory data connector allows you to export Alsid indicators of exposures, trail flow and indicators of attacks logs to Azure Sentinel in real-time. The data connector has a parser to manipulate the logs more easily. The various sample queries with this connector ease Active Directory monitoring and provide different ways to query and visualize the data. The analytic templates provide automated responses for different events, exposures, or attacks.

 

Better Mobile

The Better Mobile data connector enables you to connect your Better Mobile Threat Defense instances to Azure Sentinel for enhanced monitoring and management of security logs. This connector comes with some sample queries to help you navigate through your data and inform creation of further Azure Sentinel analytics, workbooks and workflows.

 

Thycotic

Thycotic’s new Secret Server privileged access management data connector and workbook brings Thycotic Secrets audit log data to Azure Sentinel to inform investigations and hunting.  The log data includes user and action activity for secrets managed in the Thycotic vault.

Thycotic workbookThycotic workbook

 

Agari

The new Agari data connector enables you to ingest Agari security logs from the Phishing Defense and Brand Protection endpoints. This connector comes with some sample queries to help you navigate through your data and inform creation of further Azure Sentinel analytics, workbooks and workflows. In addition, brand Protection and phishing response customers can take advantage of Threat Intelligence sharing via the Microsoft Graph Security API.

 

Qualys KB

The Qualys Vulnerability Management (VM) KnowledgeBase (KB) connector provides the capability to ingest the latest vulnerability data from Qualys KB into Azure Sentinel. This data can be used to correlate and enrich vulnerability detections found by the Qualys Vulnerability Management (VM) data connector. Use the parser to build rich workbooks for monitoring.

 

Closing

These data collection improvements are just one of several exciting announcements we’ve made for Microsoft Ignite. Learn more about other new Azure Sentinel innovations in our announcements blog.

Try out the new connectors, workbooks, and analytics in Azure Sentinel by starting a trial. Let us know your feedback using any of the channels listed in the Resources.

We also invite you to join the community to contribute your own new connectors, workbooks, analytics and more. Get started now by joining the Azure Sentinel Threat Hunters GitHub community and follow the guidance.

 

5 Comments
Occasional Contributor

Hoping to see 300+ soon :)

Occasional Visitor

Perfect! Really hope to see soon also Nokia (ex. Alcatel-Lucent) network devices connectorts (routers/switches)

Occasional Contributor

@Preeti_Krishna Thanks for sharing consolidated list of new connectors. Is GitHub connector in road map this year? I have couple of use cases to solve.

Im aware of custom integration bw sentinel and GitHub but it require PAT which has owner role assigned and this is not feasible in our org to provide highest permission for this integration.

Contributor

Would be great if the Meraki Connector worked. I followed the meager documentation, installed the non-azure linux VM agent, created the workspace, pointed our Meraki devices to the VM via syslog and the troubleshooter returns no errors but nothing ever makes its way to Sentinel. The sample queries all report back 

'summarize' operator: Failed to resolve table or column expression named 'CiscoMeraki' If issue persists, please open a support ticket. Request id: 8f8d3eee-d625-4965-b13d-9fbc654e4132
 
Which I assume is because nothing is getting there. I know this box worked before because I had connected Mimecast to it, but the documentation for that, vs this, was vastly different (way more in-depth) so it's as if huge parts of how to connect this are being left out entirely. Hard to preview something when the guidance is so minimal.
 
The troubleshooter did show URL data for the Meraki's in the logs when ran but, yeah, beyond that this thing is dead stick.
Visitor

Darktrace?  Netwrix?

%3CLINGO-SUB%20id%3D%22lingo-sub-2176315%22%20slang%3D%22en-US%22%3E30%2B%20New%20Azure%20Sentinel%20Data%20Connectors%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2176315%22%20slang%3D%22en-US%22%3E%3CP%3EToday%2C%20we%20are%20announcing%20over%2030%20new%20out-of-the-box%20data%20connectors%20for%20Azure%20Sentinel%20to%20enable%20data%20collection%20for%20leading%20security%20products%20and%20other%20clouds.%20With%20these%20new%20connectors%2C%20we%20are%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fsentineldataconnectorsbloginspire20%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Econtinuing%20the%20momentum%3C%2FA%3E%20to%20enable%20customers%20to%20easily%20bring%20data%20from%20different%20products%20into%20Azure%20Sentinel%20and%20analyze%20data%20at%20cloud%20scale.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThese%20data%20connectors%20include%20a%20parser%20that%20transforms%20the%20ingested%20data%20into%20Azure%20Sentinel%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fnormalization-schema%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Enormalized%20format%3C%2FA%3E.%20The%20normalized%20format%20enables%20better%20correlation%20of%20different%20types%20of%20data%20from%20different%20data%20sources%20to%20drive%20end-to-end%20outcomes%20seamlessly%20in%20security%20monitoring%2C%20hunting%2C%20incident%20investigation%20and%20response%20scenarios%20in%20Azure%20Sentinel.%20New%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Ftutorial-monitor-your-data%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eworkbooks%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Ftutorial-detect-threats-built-in%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eanalytic%20rule%20templates%3C%2FA%3E%2C%26nbsp%3Bleveraging%20these%20parsers%2C%20are%20also%20available%20to%20help%20you%20monitor%20these%20new%20data%20sources%20and%20detect%20threats%20immediately.%20Refer%20to%20the%20documentation%20for%20a%20complete%20list%20of%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-data-sources%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Edata%20connectors%3C%2FA%3E%26nbsp%3Bthat%20you%20can%20leverage%20in%20Azure%20Sentinel.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1975734109%22%20id%3D%22toc-hId-1975734109%22%20id%3D%22toc-hId-1975734109%22%20id%3D%22toc-hId-1975734109%22%20id%3D%22toc-hId-1975734109%22%20id%3D%22toc-hId-1975734109%22%20id%3D%22toc-hId-1975699546%22%3ECisco%3C%2FH3%3E%0A%3CP%3EFour%20new%20data%20connectors%20for%20Cisco%20enable%20you%20to%20ingest%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-cisco-umbrella%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECisco%20Umbrella%3C%2FA%3E%2C%20Cisco%20Meraki%2C%20Cisco%20Firepower%20and%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-cisco-ucs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECisco%20UCS%3C%2FA%3E%20logs%20respectively.%20Use%20the%20new%20workbooks%20for%20these%20data%20sources%20to%20monitor%20your%20DNS%2C%20IP%2C%20Proxy%2C%20and%20Cloud%20Firewall%20logs%20from%20these%20products%2C%20as%20illustrated%20below.%20You%20can%20directly%20ingest%20Cisco%20Umbrella%20logs%20from%20AWS%20S3%20buckets%20using%20the%20new%20Cisco%20Umbrella%20data%20connector.%20Both%20Cisco%20Umbrella%20and%20Cisco%20Meraki%2C%20now%20in%20Public%20Preview%2C%20have%20been%20among%20the%20top%20requested%20data%20connectors%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F920458-azure-sentinel%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EAzure%20Sentinel%20User%20Voice%20forum%3C%2FA%3E.%20Please%20continue%20to%20voice%20your%20feedback!%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Ignite_march-21-Picture1.png%22%20style%3D%22width%3A%20936px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F259477iF74C326D93DDB996%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Ignite_march-21-Picture1.png%22%20alt%3D%22Cisco%20Umbrella%20workbook%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ECisco%20Umbrella%20workbook%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-168279646%22%20id%3D%22toc-hId-168279646%22%20id%3D%22toc-hId-168279646%22%20id%3D%22toc-hId-168279646%22%20id%3D%22toc-hId-168279646%22%20id%3D%22toc-hId-168279646%22%20id%3D%22toc-hId-168245083%22%3ENXLog%3C%2FH3%3E%0A%3CP%3ENXLog%20brings%20Azure%20Sentinel%20support%20for%20both%20the%20NXLog%20Linux%20Audit%20System%20and%20Windows%20Event%20Tracing%20modules%20with%20two%20new%20data%20connectors%20that%20deliver%20Linux%20audit%20and%20Windows%20DNS%20Server%20events%2C%20respectively.%26nbsp%3B%20%26nbsp%3BThese%20connectors%20enable%20the%20delivery%20of%20audit%20and%20analytical%20DNS%20server%20events%20Linux%20security%20events%20to%20Azure%20Sentinel%20in%20real-time.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1639174817%22%20id%3D%22toc-hId--1639174817%22%20id%3D%22toc-hId--1639174817%22%20id%3D%22toc-hId--1639174817%22%20id%3D%22toc-hId--1639174817%22%20id%3D%22toc-hId--1639174817%22%20id%3D%22toc-hId--1639209380%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-848338016%22%20id%3D%22toc-hId-848338016%22%20id%3D%22toc-hId-848338016%22%20id%3D%22toc-hId-848338016%22%20id%3D%22toc-hId-848338016%22%20id%3D%22toc-hId-848338016%22%20id%3D%22toc-hId-848303453%22%3ESalesforce%20Cloud%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-salesforce-service-cloud%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESalesforce%20Cloud%20data%20connector%3C%2FA%3E%20enables%20operational%20events%20to%20be%20ingested%20in%20Azure%20Sentinel.%20These%20events%20are%20from%2038%20logs%20that%20includes%20audit%2C%20files%2C%20search%2C%20and%20more.%20This%20data%20connector%20has%20a%20parser%26nbsp%3Bthat%20enables%20you%20to%20correlate%20Salesforce%20logs%20with%20other%20logs%20easily%20in%20Azure%20Sentinel%20to%20build%20integrated%20experiences.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--959116447%22%20id%3D%22toc-hId--959116447%22%20id%3D%22toc-hId--959116447%22%20id%3D%22toc-hId--959116447%22%20id%3D%22toc-hId--959116447%22%20id%3D%22toc-hId--959116447%22%20id%3D%22toc-hId--959151010%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-1528396386%22%20id%3D%22toc-hId-1528396386%22%20id%3D%22toc-hId-1528396386%22%20id%3D%22toc-hId-1528396386%22%20id%3D%22toc-hId-1528396386%22%20id%3D%22toc-hId-1528396386%22%20id%3D%22toc-hId-1528361823%22%3EAkamai%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-akamai-security-events%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAkamai%20data%20connector%3C%2FA%3E%20provides%20the%20capability%20to%20ingest%20security%20events%20generated%20by%20Akamai%20platform%20into%20Azure%20Sentinel.%20Use%20the%20parser%20for%20Akamai%26nbsp%3Bto%20build%20and%20correlate%20Akamai%20logs%20with%20other%20logs%20to%20enable%20rich%20alerting%20and%20investigation%20experiences.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--279058077%22%20id%3D%22toc-hId--279058077%22%20id%3D%22toc-hId--279058077%22%20id%3D%22toc-hId--279058077%22%20id%3D%22toc-hId--279058077%22%20id%3D%22toc-hId--279058077%22%20id%3D%22toc-hId--279092640%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--2086512540%22%20id%3D%22toc-hId--2086512540%22%20id%3D%22toc-hId--2086512540%22%20id%3D%22toc-hId--2086512540%22%20id%3D%22toc-hId--2086512540%22%20id%3D%22toc-hId--2086512540%22%20id%3D%22toc-hId--2086547103%22%3ETrend%20Micro%3C%2FH3%3E%0A%3CP%3ETwo%20new%20data%20connectors%20for%20Trend%20Micro%20enable%20you%20to%20ingest%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-trend-micro-tippingpoint%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ETrend%20Micro%20TippingPoint%3C%2FA%3E%20SMS%20IPS%20events%26nbsp%3Band%20Trend%20Micro%20XDR%20workbench%20alerts%2C%20respectively.%20The%20XDR%20connector%20comes%20with%20a%20workbook%20to%20help%20with%20insights%20into%20alert%20trends%20and%20impacted%20hosts.%20The%20XDR%20connector%20also%20includes%20two%20analytic%20rule%20templates%20to%20create%20incidents%20for%20XDR%20alerts%20depending%20on%20severity.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Ignite_march-21-Picture2.png%22%20style%3D%22width%3A%20573px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F259479i83ACC9CA7FF47EFF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Ignite_march-21-Picture2.png%22%20alt%3D%22Trend%20Micro%20workbook%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ETrend%20Micro%20workbook%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-401000293%22%20id%3D%22toc-hId-401000293%22%20id%3D%22toc-hId-401000293%22%20id%3D%22toc-hId-401000293%22%20id%3D%22toc-hId-401000293%22%20id%3D%22toc-hId-401000293%22%20id%3D%22toc-hId-400965730%22%3EProofpoint%20POD%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-proofpoint-pod%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProofpoint%20On%20Demand%20(POD)%20data%20connector%3C%2FA%3E%20provides%20the%20capability%20to%20get%20Proofpoint%20On%20Demand%20email%20protection%20data.%20This%20data%20enables%20you%20to%20check%20message%20traceability%2C%20monitor%20email%20activity%2C%20threats%2C%20and%20data%20exfiltration%20by%20attackers%20and%20malicious%20insiders.%20Both%20mail%20and%20message%20logs%20are%20ingested%20by%20this%20data%20connector.%20Furthermore%2C%20the%20parser%26nbsp%3Benables%20you%20to%20easily%20correlate%20email%20logs%20with%20other%20security%20logs%20for%20enhanced%20incident%20tracking%20and%20automated%20response%20scenarios.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1406454170%22%20id%3D%22toc-hId--1406454170%22%20id%3D%22toc-hId--1406454170%22%20id%3D%22toc-hId--1406454170%22%20id%3D%22toc-hId--1406454170%22%20id%3D%22toc-hId--1406454170%22%20id%3D%22toc-hId--1406488733%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-385895184%22%20id%3D%22toc-hId-385895184%22%20id%3D%22toc-hId-385895184%22%20id%3D%22toc-hId-385895184%22%20id%3D%22toc-hId-385895184%22%20id%3D%22toc-hId-385895184%22%20id%3D%22toc-hId-385860621%22%3EGoogle%20Workspace%20%2F%20G-Suite%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20Google%20Workspace%20data%20connector%20enables%20ingestion%20of%20Google%20Workspace%20Activity%20events%20into%20Azure%20Sentinel.%20This%20includes%20logs%20for%20admin%20activity%2C%20Google%20drive%20usage%2C%20login%2C%20mobile%2C%20authorization%20tokens%2C%20user%20workspace%20accounts%20and%20calendar%20usage%20reports.%20Use%20the%20parser%26nbsp%3Bto%20correlate%20this%20data%20with%20other%20logs%20to%20examine%20potential%20security%20risks%2C%20diagnose%20configuration%20problems%2C%20track%20who%20signs%20in%20and%20when%2C%20analyze%20administrator%20activity%2C%20understand%20how%20users%20create%20and%20share%20content%2C%20and%20more.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1421559279%22%20id%3D%22toc-hId--1421559279%22%20id%3D%22toc-hId--1421559279%22%20id%3D%22toc-hId--1421559279%22%20id%3D%22toc-hId--1421559279%22%20id%3D%22toc-hId--1421559279%22%20id%3D%22toc-hId--1421593842%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-1065953554%22%20id%3D%22toc-hId-1065953554%22%20id%3D%22toc-hId-1065953554%22%20id%3D%22toc-hId-1065953554%22%20id%3D%22toc-hId-1065953554%22%20id%3D%22toc-hId-1065953554%22%20id%3D%22toc-hId-1065918991%22%3ESophos%20Cloud%20Optix%3C%2FH3%3E%0A%3CP%3EThe%20Sophos%20Cloud%20Optix%20data%20connector%20allows%20you%20to%20easily%20connect%20Sophos%20Cloud%20Optix%20logs%20of%20your%20choice%20with%20Azure%20Sentinel%2C%20to%20view%20dashboards%2C%20create%20custom%20alerts%2C%20and%20improve%20investigation.%20This%20gives%20you%20more%20insight%20into%20your%20organization's%20cloud%20security%20and%20compliance%20posture%20and%20improves%20your%20cloud%20security%20operation%20capabilities.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--741500909%22%20id%3D%22toc-hId--741500909%22%20id%3D%22toc-hId--741500909%22%20id%3D%22toc-hId--741500909%22%20id%3D%22toc-hId--741500909%22%20id%3D%22toc-hId--741500909%22%20id%3D%22toc-hId--741535472%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-1746011924%22%20id%3D%22toc-hId-1746011924%22%20id%3D%22toc-hId-1746011924%22%20id%3D%22toc-hId-1746011924%22%20id%3D%22toc-hId-1746011924%22%20id%3D%22toc-hId-1746011924%22%20id%3D%22toc-hId-1745977361%22%3EVMWare%20ESXi%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20VMWare%20ESXi%20data%20connector%20enables%20you%20to%20ingest%20VMWare%20vSphere%20system%20logs%20in%20Azure%20Sentinel.%20This%20gives%20you%20more%20insight%20into%20your%20organization's%20ESXi%20servers%20and%20improves%20your%20security%20operation%20capabilities.%20Use%20the%20parser%26nbsp%3Bto%20correlate%20ESXi%20data%20with%20other%20data%20in%20Azure%20Sentinel.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--61442539%22%20id%3D%22toc-hId--61442539%22%20id%3D%22toc-hId--61442539%22%20id%3D%22toc-hId--61442539%22%20id%3D%22toc-hId--61442539%22%20id%3D%22toc-hId--61442539%22%20id%3D%22toc-hId--61477102%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--1868897002%22%20id%3D%22toc-hId--1868897002%22%20id%3D%22toc-hId--1868897002%22%20id%3D%22toc-hId--1868897002%22%20id%3D%22toc-hId--1868897002%22%20id%3D%22toc-hId--1868897002%22%20id%3D%22toc-hId--1868931565%22%3EJuniper%20SRX%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-juniper-srx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EJuniper%20SRX%20data%20connector%3C%2FA%3E%20enables%20ingestion%20of%20network%20traffic%20logs%20in%20Azure%20Sentinel.%20Use%20the%20parser%26nbsp%3Bto%20build%20rich%20monitoring%20workbooks%20and%20alerting%20in%20Azure%20Sentinel.%20%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-618615831%22%20id%3D%22toc-hId-618615831%22%20id%3D%22toc-hId-618615831%22%20id%3D%22toc-hId-618615831%22%20id%3D%22toc-hId-618615831%22%20id%3D%22toc-hId-618615831%22%20id%3D%22toc-hId-618581268%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--1188838632%22%20id%3D%22toc-hId--1188838632%22%20id%3D%22toc-hId--1188838632%22%20id%3D%22toc-hId--1188838632%22%20id%3D%22toc-hId--1188838632%22%20id%3D%22toc-hId--1188838632%22%20id%3D%22toc-hId--1188873195%22%3ESonicWall%3C%2FH3%3E%0A%3CP%3EThe%20SonicWall%20data%20connector%20enables%20you%20to%20ingest%20SonicWall%20Firewall%20logs%20from%20your%20virtual%20or%20on-prem%20firewalls.%20This%20data%20connector%20captures%20log%20activity%20and%20includes%20every%20connection%20source%20and%20destination%20name%20and%2For%20IP%20address%2C%20IP%20service%2C%20and%20number%20of%20bytes%20transferred.%20This%20connector%20comes%20with%20some%20sample%20queries%20to%20help%20you%20navigate%20through%20your%20data%20and%20inform%20creation%20of%20further%20Azure%20Sentinel%20analytics%2C%20workbooks%20and%20workflows.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1298674201%22%20id%3D%22toc-hId-1298674201%22%20id%3D%22toc-hId-1298674201%22%20id%3D%22toc-hId-1298674201%22%20id%3D%22toc-hId-1298674201%22%20id%3D%22toc-hId-1298674201%22%20id%3D%22toc-hId-1298639638%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-189381679%22%20id%3D%22toc-hId-189381679%22%20id%3D%22toc-hId-189381679%22%20id%3D%22toc-hId-189381679%22%20id%3D%22toc-hId-189381679%22%20id%3D%22toc-hId-189381679%22%20id%3D%22toc-hId-189347116%22%3EESET%3C%2FH3%3E%0A%3CP%3EThe%20ESET%20data%20connector%20ingests%20ESET%20Inspector%20detections%20in%20Azure%20Sentinel.%20This%20includes%20aggregated%20detections%20for%20suspicious%20activities%2C%20which%20can%20enrich%20your%20Azure%20Sentinel%20incident%20management%20and%20investigation%20outcomes.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1618072784%22%20id%3D%22toc-hId--1618072784%22%20id%3D%22toc-hId--1618072784%22%20id%3D%22toc-hId--1618072784%22%20id%3D%22toc-hId--1618072784%22%20id%3D%22toc-hId--1618072784%22%20id%3D%22toc-hId--1618107347%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-869440049%22%20id%3D%22toc-hId-869440049%22%20id%3D%22toc-hId-869440049%22%20id%3D%22toc-hId-869440049%22%20id%3D%22toc-hId-869440049%22%20id%3D%22toc-hId-869440049%22%20id%3D%22toc-hId-869405486%22%3EImperva%20WAF%20Gateway%3C%2FH3%3E%0A%3CP%3EThe%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-imperva-waf-gateway%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EImperva%20WAF%20Gateway%20data%20connector%3C%2FA%3E%20enables%20you%20to%20ingest%20Imperva%20WAF%20Gateway%20security%20alerts%20with%20a%20high%20degree%20of%20log%20customization.%20This%20provides%20you%20additional%20insight%20into%20your%20organization's%20WAF%20traffic%20and%20improves%20your%20security%20operation%20capabilities.%20This%20connector%20comes%20with%20some%20sample%20queries%20to%20help%20you%20navigate%20through%20your%20data%20and%20inform%20creation%20of%20further%20Azure%20Sentinel%20analytics%2C%20workbooks%20and%20workflows.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--938014414%22%20id%3D%22toc-hId--938014414%22%20id%3D%22toc-hId--938014414%22%20id%3D%22toc-hId--938014414%22%20id%3D%22toc-hId--938014414%22%20id%3D%22toc-hId--938014414%22%20id%3D%22toc-hId--938048977%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-1549498419%22%20id%3D%22toc-hId-1549498419%22%20id%3D%22toc-hId-1549498419%22%20id%3D%22toc-hId-1549498419%22%20id%3D%22toc-hId-1549498419%22%20id%3D%22toc-hId-1549498419%22%20id%3D%22toc-hId-1549463856%22%3EBroadcom%20Symantec%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EBroadcom%20Symantec%20DLP%20data%20connector%20enables%20ingestion%20of%20Data%20Loss%20Prevention%20(DLP)%20logs%20in%20Azure%20Sentinel%20to%20provide%20insight%20into%20your%20organization%E2%80%99s%20information.%20Use%20the%20parser%26nbsp%3Bto%20correlate%20with%20other%20data%20in%20Azure%20Sentinel%20for%20improved%20security%20operations.%20%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--257956044%22%20id%3D%22toc-hId--257956044%22%20id%3D%22toc-hId--257956044%22%20id%3D%22toc-hId--257956044%22%20id%3D%22toc-hId--257956044%22%20id%3D%22toc-hId--257956044%22%20id%3D%22toc-hId--257990607%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--2065410507%22%20id%3D%22toc-hId--2065410507%22%20id%3D%22toc-hId--2065410507%22%20id%3D%22toc-hId--2065410507%22%20id%3D%22toc-hId--2065410507%22%20id%3D%22toc-hId--2065410507%22%20id%3D%22toc-hId--2065445070%22%3EWireX%20Systems%3C%2FH3%3E%0A%3CP%3EWireX%20Systems%20brings%20WireX%20Network%20Forensics%20Platform%20data%20events%20to%20Azure%20Sentinel%20via%20a%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-wirex-systems%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Enew%20data%20connector%3C%2FA%3E%20enabling%20correlation%20of%20contextual%20content%20offered%20by%20WireX%20with%20other%20Azure%20Sentinel%20resident%20data%20from%20other%20sources.%26nbsp%3B%20Delivered%20events%20include%20DNS%2C%20HTTP(s)%20and%20WireX%20Threat%20Detection%20System.%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-422102326%22%20id%3D%22toc-hId-422102326%22%20id%3D%22toc-hId-422102326%22%20id%3D%22toc-hId-422102326%22%20id%3D%22toc-hId-422102326%22%20id%3D%22toc-hId-422102326%22%20id%3D%22toc-hId-422067763%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--1385352137%22%20id%3D%22toc-hId--1385352137%22%20id%3D%22toc-hId--1385352137%22%20id%3D%22toc-hId--1385352137%22%20id%3D%22toc-hId--1385352137%22%20id%3D%22toc-hId--1385352137%22%20id%3D%22toc-hId--1385386700%22%3EAruba%20ClearPass%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20Aruba%20ClearPass%20data%20connector%20helps%20with%20ingestion%20of%20network%20security%20logs%20that%20includes%20audit%2C%20session%2C%20system%20and%20insight%20logs%20into%20Azure%20Sentinel.%20The%20parser%26nbsp%3Bfor%20this%20data%20connector%20can%20enable%20you%20to%20correlate%20Aruba%20data%20with%20other%20data%20sources%20in%20Azure%20Sentinel.%20%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1102160696%22%20id%3D%22toc-hId-1102160696%22%20id%3D%22toc-hId-1102160696%22%20id%3D%22toc-hId-1102160696%22%20id%3D%22toc-hId-1102160696%22%20id%3D%22toc-hId-1102160696%22%20id%3D%22toc-hId-1102126133%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--7131826%22%20id%3D%22toc-hId--7131826%22%20id%3D%22toc-hId--7131826%22%20id%3D%22toc-hId--7131826%22%20id%3D%22toc-hId--7131826%22%20id%3D%22toc-hId--7131826%22%20id%3D%22toc-hId--7166389%22%3EOnapsis%3C%2FH3%3E%0A%3CP%3EThe%20Onapsis%20data%20connector%20allows%20you%20to%20export%20alarms%20triggered%20in%20the%20Onapsis%20Platform%20into%20Azure%20Sentinel%20in%20real-time.%20This%20gives%20you%20the%20ability%20to%20monitor%20activity%20on%20your%20SAP%20systems%2C%20identify%20incidents%2C%20and%20respond%20to%20them%20quickly.%20Use%20the%20new%20workbook%20for%20the%20Onapsis%20data%20connector%20to%20visualize%20important%20information%20about%20your%20Onapsis%20alarms%20and%20view%20your%20incidents%20report.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1814586289%22%20id%3D%22toc-hId--1814586289%22%20id%3D%22toc-hId--1814586289%22%20id%3D%22toc-hId--1814586289%22%20id%3D%22toc-hId--1814586289%22%20id%3D%22toc-hId--1814586289%22%20id%3D%22toc-hId--1814620852%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-672926544%22%20id%3D%22toc-hId-672926544%22%20id%3D%22toc-hId-672926544%22%20id%3D%22toc-hId-672926544%22%20id%3D%22toc-hId-672926544%22%20id%3D%22toc-hId-672926544%22%20id%3D%22toc-hId-672891981%22%3ENetskope%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20Netskope%20data%20connector%20helps%20ingest%20Netskope%20Cloud%20security%20events%20and%20logs%20into%20Azure%20Sentinel.%20Use%20the%20parser%26nbsp%3Bto%20seamlessly%20work%20with%20other%20logs%20in%20Azure%20Sentinel%20for%20improved%20monitoring%20and%20investigation%20capabilities.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1134527919%22%20id%3D%22toc-hId--1134527919%22%20id%3D%22toc-hId--1134527919%22%20id%3D%22toc-hId--1134527919%22%20id%3D%22toc-hId--1134527919%22%20id%3D%22toc-hId--1134527919%22%20id%3D%22toc-hId--1134562482%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-1352984914%22%20id%3D%22toc-hId-1352984914%22%20id%3D%22toc-hId-1352984914%22%20id%3D%22toc-hId-1352984914%22%20id%3D%22toc-hId-1352984914%22%20id%3D%22toc-hId-1352984914%22%20id%3D%22toc-hId-1352950351%22%3ESquid%20Proxy%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-squid-proxy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESquid%20Proxy%20data%20connector%3C%2FA%3E%20enables%20getting%20logs%20from%20Squid%20Proxy%20server%20into%20Azure%20Sentinel.%20This%20is%20using%20the%20Azure%20Log%20Analytics%20agent%20to%20configure%20the%20custom%20directory%20from%20which%20logs%20need%20to%20be%20collected%20from%20on%20the%20device.%20This%20data%20connector%20also%20has%20a%20parser%26nbsp%3Bto%20enable%20better%20correlation%20across%20other%20logs%20in%20Azure%20Sentinel.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--454469549%22%20id%3D%22toc-hId--454469549%22%20id%3D%22toc-hId--454469549%22%20id%3D%22toc-hId--454469549%22%20id%3D%22toc-hId--454469549%22%20id%3D%22toc-hId--454469549%22%20id%3D%22toc-hId--454504112%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-2033043284%22%20id%3D%22toc-hId-2033043284%22%20id%3D%22toc-hId-2033043284%22%20id%3D%22toc-hId-2033043284%22%20id%3D%22toc-hId-2033043284%22%20id%3D%22toc-hId-2033043284%22%20id%3D%22toc-hId-2033008721%22%3EBlackberry%20CylancePROTECT%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20Blackberry%20CylancePROTECT%20data%20connector%20enables%20ingestion%20of%20CylancePROTECT%20logs%20into%20Azure%20Sentinel.%20This%20includes%20audit%20logs%2C%20threats%2C%20application%20control%20logs%2C%20device%20logs%2C%20memory%20protection%20logs%20and%20threat%20classification%20logs.%20This%20data%20connector%20has%20a%20parser%26nbsp%3Bfor%20correlating%20these%20logs%20with%20other%20data%20in%20Azure%20Sentinel%20for%20enriched%20hunting%2C%20incident%20management%20and%20investigation%20experience.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-225588821%22%20id%3D%22toc-hId-225588821%22%20id%3D%22toc-hId-225588821%22%20id%3D%22toc-hId-225588821%22%20id%3D%22toc-hId-225588821%22%20id%3D%22toc-hId-225588821%22%20id%3D%22toc-hId-225554258%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--1581865642%22%20id%3D%22toc-hId--1581865642%22%20id%3D%22toc-hId--1581865642%22%20id%3D%22toc-hId--1581865642%22%20id%3D%22toc-hId--1581865642%22%20id%3D%22toc-hId--1581865642%22%20id%3D%22toc-hId--1581900205%22%3EApache%20HTTP%20Server%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-apache-http-server%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EApache%20data%20connector%3C%2FA%3E%20enables%20you%20to%20ingest%20Apache%20HTTP%20Server%20access%20logs%20in%20Azure%20Sentinel.%20This%20is%20using%20the%20Azure%20Log%20Analytics%20agent%20to%20configure%20the%20custom%20directory%20from%20which%20logs%20need%20to%20be%20collected%20from%20on%20the%20device.%20This%20data%20connector%20also%20has%20a%20parser%26nbsp%3Bto%20enable%20better%20correlation%20of%20the%20server%20events%20across%20other%20logs%20in%20Azure%20Sentinel.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-905647191%22%20id%3D%22toc-hId-905647191%22%20id%3D%22toc-hId-905647191%22%20id%3D%22toc-hId-905647191%22%20id%3D%22toc-hId-905647191%22%20id%3D%22toc-hId-905647191%22%20id%3D%22toc-hId-905612628%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--203645331%22%20id%3D%22toc-hId--203645331%22%20id%3D%22toc-hId--203645331%22%20id%3D%22toc-hId--203645331%22%20id%3D%22toc-hId--203645331%22%20id%3D%22toc-hId--203645331%22%20id%3D%22toc-hId--203679894%22%3EAlsid%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20new%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-alsid-active-directory%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAlsid%20for%20Active%20Directory%20data%20connector%3C%2FA%3E%20allows%20you%20to%20export%20Alsid%20indicators%20of%20exposures%2C%20trail%20flow%20and%20indicators%20of%20attacks%20logs%20to%20Azure%20Sentinel%20in%20real-time.%20The%20data%20connector%20has%20a%20parser%26nbsp%3Bto%20manipulate%20the%20logs%20more%20easily.%20The%20various%20sample%20queries%20with%20this%20connector%20ease%20Active%20Directory%20monitoring%20and%20provide%20different%20ways%20to%20query%20and%20visualize%20the%20data.%20The%20analytic%20templates%20provide%20automated%20responses%20for%20different%20events%2C%20exposures%2C%20or%20attacks.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--2011099794%22%20id%3D%22toc-hId--2011099794%22%20id%3D%22toc-hId--2011099794%22%20id%3D%22toc-hId--2011099794%22%20id%3D%22toc-hId--2011099794%22%20id%3D%22toc-hId--2011099794%22%20id%3D%22toc-hId--2011134357%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-476413039%22%20id%3D%22toc-hId-476413039%22%20id%3D%22toc-hId-476413039%22%20id%3D%22toc-hId-476413039%22%20id%3D%22toc-hId-476413039%22%20id%3D%22toc-hId-476413039%22%20id%3D%22toc-hId-476378476%22%3EBetter%20Mobile%3C%2FH3%3E%0A%3CP%3EThe%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-better-mtd%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EBetter%20Mobile%20data%20connector%3C%2FA%3E%20enables%20you%20to%20connect%20your%20Better%20Mobile%20Threat%20Defense%20instances%20to%20Azure%20Sentinel%20for%20enhanced%20monitoring%20and%20management%20of%20security%20logs.%20This%20connector%20comes%20with%20some%20sample%20queries%20to%20help%20you%20navigate%20through%20your%20data%20and%20inform%20creation%20of%20further%20Azure%20Sentinel%20analytics%2C%20workbooks%20and%20workflows.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1331041424%22%20id%3D%22toc-hId--1331041424%22%20id%3D%22toc-hId--1331041424%22%20id%3D%22toc-hId--1331041424%22%20id%3D%22toc-hId--1331041424%22%20id%3D%22toc-hId--1331041424%22%20id%3D%22toc-hId--1331075987%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-1156471409%22%20id%3D%22toc-hId-1156471409%22%20id%3D%22toc-hId-1156471409%22%20id%3D%22toc-hId-1156471409%22%20id%3D%22toc-hId-1156471409%22%20id%3D%22toc-hId-1156471409%22%20id%3D%22toc-hId-1156436846%22%3EThycotic%3C%2FH3%3E%0A%3CP%3EThycotic%E2%80%99s%20new%20Secret%20Server%20privileged%20access%20management%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-thycotic-secret-server%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Edata%20connector%3C%2FA%3E%20and%20workbook%20brings%20Thycotic%20Secrets%20audit%20log%20data%20to%20Azure%20Sentinel%20to%20inform%20investigations%20and%20hunting.%20%26nbsp%3BThe%20log%20data%20includes%20user%20and%20action%20activity%20for%20secrets%20managed%20in%20the%20Thycotic%20vault.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Ignite_march-21-Picture3.png%22%20style%3D%22width%3A%20624px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F259481iFC703164DC7981FF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Ignite_march-21-Picture3.png%22%20alt%3D%22Thycotic%20workbook%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EThycotic%20workbook%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--650983054%22%20id%3D%22toc-hId--650983054%22%20id%3D%22toc-hId--650983054%22%20id%3D%22toc-hId--650983054%22%20id%3D%22toc-hId--650983054%22%20id%3D%22toc-hId--650983054%22%20id%3D%22toc-hId--651017617%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId-1836529779%22%20id%3D%22toc-hId-1836529779%22%20id%3D%22toc-hId-1836529779%22%20id%3D%22toc-hId-1836529779%22%20id%3D%22toc-hId-1836529779%22%20id%3D%22toc-hId-1836529779%22%20id%3D%22toc-hId-1836495216%22%3EAgari%3C%2FH3%3E%0A%3CP%3EThe%20new%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-agari-phishing-defense%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAgari%20data%20connector%3C%2FA%3E%20enables%20you%20to%20ingest%20Agari%20security%20logs%20from%20the%20Phishing%20Defense%20and%20Brand%20Protection%20endpoints.%20This%20connector%20comes%20with%20some%20sample%20queries%20to%20help%20you%20navigate%20through%20your%20data%20and%20inform%20creation%20of%20further%20Azure%20Sentinel%20analytics%2C%20workbooks%20and%20workflows.%20In%20addition%2C%20brand%20Protection%20and%20phishing%20response%20customers%20can%20take%20advantage%20of%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fimport-threat-intelligence%23adding-threat-indicators-to-azure-sentinel-with-the-threat-intelligence-platforms-data-connector%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EThreat%20Intelligence%20sharing%20via%20the%20Microsoft%20Graph%20Security%20API%3C%2FA%3E.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-29075316%22%20id%3D%22toc-hId-29075316%22%20id%3D%22toc-hId-29075316%22%20id%3D%22toc-hId-29075316%22%20id%3D%22toc-hId-29075316%22%20id%3D%22toc-hId-29075316%22%20id%3D%22toc-hId-29040753%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--1778379147%22%20id%3D%22toc-hId--1778379147%22%20id%3D%22toc-hId--1778379147%22%20id%3D%22toc-hId--1778379147%22%20id%3D%22toc-hId--1778379147%22%20id%3D%22toc-hId--1778379147%22%20id%3D%22toc-hId--1778413710%22%3EQualys%20KB%3C%2FH3%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%26nbsp%3BQualys%20Vulnerability%20Management%20(VM)%26nbsp%3BKnowledgeBase%20(KB)%20connector%20provides%20the%20capability%20to%20ingest%20the%20latest%20vulnerability%20data%20from%20Qualys%20KB%20into%20Azure%20Sentinel.%20This%20data%20can%20be%20used%20to%20correlate%20and%20enrich%20vulnerability%20detections%20found%20by%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fconnect-qualys-vm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EQualys%20Vulnerability%20Management%20(VM)%3C%2FA%3E%26nbsp%3Bdata%20connector.%20Use%20the%20parser%26nbsp%3Bto%20build%20rich%20workbooks%20for%20monitoring.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-580050967%22%20id%3D%22toc-hId-580050967%22%20id%3D%22toc-hId-580050967%22%20id%3D%22toc-hId-580050967%22%20id%3D%22toc-hId-580050967%22%20id%3D%22toc-hId-580050967%22%20id%3D%22toc-hId-580016404%22%3E%26nbsp%3B%3C%2FH2%3E%0A%3CH2%20id%3D%22toc-hId--529241555%22%20id%3D%22toc-hId--529241555%22%20id%3D%22toc-hId--529241555%22%20id%3D%22toc-hId--529241555%22%20id%3D%22toc-hId--529241555%22%20id%3D%22toc-hId--529241555%22%20id%3D%22toc-hId--529276118%22%3EClosing%3C%2FH2%3E%0A%3CP%3EThese%20data%20collection%20improvements%20are%20just%20one%20of%20several%20exciting%20announcements%20we%E2%80%99ve%20made%20for%20Microsoft%20Ignite.%20Learn%20more%20about%20other%20new%20Azure%20Sentinel%20innovations%20in%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fsentinel-ignite-3-21-blog%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eour%20announcements%20blog.%3C%2FA%3E%3C%2FP%3E%0A%3CP%3ETry%20out%20the%20new%20connectors%2C%20workbooks%2C%20and%20analytics%20in%20Azure%20Sentinel%20by%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fmicrosoftazuresentinel%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Estarting%20a%20trial%3C%2FA%3E.%20Let%20us%20know%20your%20feedback%20using%20any%20of%20the%20channels%20listed%20in%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Fwiki%23resources%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EResources%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3EWe%20also%20invite%20you%20to%20join%20the%20community%20to%20contribute%20your%20own%20new%20connectors%2C%20workbooks%2C%20analytics%20and%20more.%20Get%20started%20now%20by%20joining%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fthreathunters%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Sentinel%20Threat%20Hunters%20GitHub%20community%3C%2FA%3E%26nbsp%3Band%20follow%20the%20guidance.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2176315%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Sentinel%20Umbrella%20Workbook.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F259780iD1952AF67343A8B8%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Sentinel%20Umbrella%20Workbook.png%22%20alt%3D%22Sentinel%20Umbrella%20Workbook.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECheck%20out%20more%20than%2030%20new%20out-of-the-box%20data%20connectors%20for%20Azure%20Sentinel%20to%20enable%20data%20collection%20for%20leading%20security%20products%20and%20other%20clouds!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2176315%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Sentinel%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2179371%22%20slang%3D%22en-US%22%3ERe%3A%2030%2B%20New%20Azure%20Sentinel%20Data%20Connectors%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2179371%22%20slang%3D%22en-US%22%3E%3CP%3EHoping%20to%20see%20300%2B%20soon%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2181358%22%20slang%3D%22en-US%22%3ERe%3A%2030%2B%20New%20Azure%20Sentinel%20Data%20Connectors%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2181358%22%20slang%3D%22en-US%22%3E%3CP%3EPerfect!%20Really%20hope%20to%20see%20soon%20also%20Nokia%20(ex.%20Alcatel-Lucent)%20network%20devices%20connectorts%20(routers%2Fswitches)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2184712%22%20slang%3D%22en-US%22%3ERe%3A%2030%2B%20New%20Azure%20Sentinel%20Data%20Connectors%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2184712%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F164339%22%20target%3D%22_blank%22%3E%40Preeti_Krishna%3C%2FA%3E%26nbsp%3BThanks%20for%20sharing%20consolidated%20list%20of%20new%20connectors.%20Is%20GitHub%20connector%20in%20road%20map%20this%20year%3F%20I%20have%20couple%20of%20use%20cases%20to%20solve.%3C%2FP%3E%3CP%3EIm%20aware%20of%20custom%20integration%20bw%20sentinel%20and%20GitHub%20but%20it%20require%20PAT%20which%20has%20owner%20role%20assigned%20and%20this%20is%20not%20feasible%20in%20our%20org%20to%20provide%20highest%20permission%20for%20this%20integration.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2256807%22%20slang%3D%22en-US%22%3ERe%3A%2030%2B%20New%20Azure%20Sentinel%20Data%20Connectors%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2256807%22%20slang%3D%22en-US%22%3E%3CP%3EWould%20be%20great%20if%20the%20Meraki%20Connector%20worked.%20I%20followed%20the%20meager%20documentation%2C%20installed%20the%20non-azure%20linux%20VM%20agent%2C%20created%20the%20workspace%2C%20pointed%20our%20Meraki%20devices%20to%20the%20VM%20via%20syslog%20and%20the%20troubleshooter%20returns%20no%20errors%20but%20nothing%20ever%20makes%20its%20way%20to%20Sentinel.%20The%20sample%20queries%20all%20report%20back%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22notification-wrapper%20ng-star-inserted%22%3E%3CDIV%20class%3D%22notification-container%20error%22%3E%3CDIV%20class%3D%22notification-content%22%3E%3CDIV%20class%3D%22notification-message%20ng-star-inserted%22%3E%3CSTRONG%3E%3CU%3E'summarize'%20operator%3A%20Failed%20to%20resolve%20table%20or%20column%20expression%20named%20'CiscoMeraki'%20If%20issue%20persists%2C%20please%20open%20a%20support%20ticket.%20Request%20id%3A%208f8d3eee-d625-4965-b13d-9fbc654e4132%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FDIV%3E%3CDIV%20class%3D%22notification-message%20ng-star-inserted%22%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22notification-message%20ng-star-inserted%22%3EWhich%20I%20assume%20is%20because%20nothing%20is%20getting%20there.%20I%20know%20this%20box%20worked%20before%20because%20I%20had%20connected%20Mimecast%20to%20it%2C%20but%20the%20documentation%20for%20that%2C%20vs%20this%2C%20was%20vastly%20different%20(way%20more%20in-depth)%20so%20it's%20as%20if%20huge%20parts%20of%20how%20to%20connect%20this%20are%20being%20left%20out%20entirely.%20Hard%20to%20preview%20something%20when%20the%20guidance%20is%20so%20minimal.%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22container-end%22%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22container-end%22%3EThe%20troubleshooter%20did%20show%20URL%20data%20for%20the%20Meraki's%20in%20the%20logs%20when%20ran%20but%2C%20yeah%2C%20beyond%20that%20this%20thing%20is%20dead%20stick.%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2396704%22%20slang%3D%22en-US%22%3ERe%3A%2030%2B%20New%20Azure%20Sentinel%20Data%20Connectors%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2396704%22%20slang%3D%22en-US%22%3E%3CP%3EDarktrace%3F%26nbsp%3B%20Netwrix%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Mar 02 2021 05:53 AM
Updated by: